Ledger‘s cybersecurity team has discovered an unpatched vulnerability in Android that could result in investors losing their cryptocurrencies.
The issue is related to a specific chip manufactured by Taiwanese company MediaTek. It’s the Dimensity 7300, also known as the MT6878, which is used in many Android smartphones currently on the market, including the recently released Solana Seeker.
This security issue is particularly serious because of where it occurs. The vulnerability resides in the chip’s boot ROM, meaning it runs when the smartphone is turned on. Because this code is embedded in the physical chip itself, it cannot be patched with regular software updates.
From malware that users might accidentally install on their computers to completely remote, zero-click exploits commonly used by state-backed organizations, it’s simply impossible to securely store and use private keys on these devices, Ledger experts wrote.
Interestingly, the Taiwanese manufacturer of the problematic chip quickly responded to Ledger’s statement, which is known for its Nano hardware crypto wallet. MediaTek stated that electromagnetic interference attacks are considered «inappropriate» for the MT6878 chip, as it was designed as a general consumer product, not as a «high-security component intended for financial systems or sensitive information storage.»